WHAT IS CLAIMED IS:
1. A system for managing a passive network device from a 
remote location over a distributed computer network, comprising: 

a partner device in communication with a cooperating 
device over a data network using a first communication channel; 

a managed element connected to said data network and 
listening to data traffic on said data network, said managed 
element being transparent to said data network; 

a management center connected to said data network and 
listening to data traffic on said data network, said management 
center being transparent to said data network;

said managed element and said management center 
exchanging data units with one another only indirectly over a 
second communication channel integrated with said first 
communication channel, said data units being sent through said 
first communication channel addressed to at least one of said 
partner device and said cooperating device and being trapped by at 
least one of said managed element and said management center 
through the second communication channel. 



2. The system as set forth in claim 1, wherein said partner 
device communicates with said cooperating device through a 
plurality of intermediate systems. 

3. The system as set forth in claim 2, wherein said partner 
device and said cooperating device run full communication stacks, 
and each of said plurality of intermediate systems runs a subset of 
said full communication stacks. 

4. The system as set forth in claim 3, wherein said full 
communication stacks include a network interface card, a network 
layer, a transport layer and an application layer. 

5. The system as set forth in claim 4, wherein said subset of 
said intermediate systems includes a network interface card and a 
network layer. 

6. The system as set forth in claim 4, wherein said subset of 
said intermediate systems includes a network interface card, a 
network layer and a transport layer. 



7. The system as set forth in claim 3, wherein said managed
element and said management center each include a service provider 
having a host layer, a transmission layer, a validation layer and a 
management service layer. 

8. The system as set forth in claim 7, wherein said 
management service layer concatenates a management header to a 
received data unit, said header including at least one of a 
timestamp, a source address and a destination address. 

9. The system as set forth in claim 7, wherein respective 
application processes run by said managed element and said 
management center communicate with one another over a service 
interface which defines a plurality of primitives. 

10. The system as set forth in claim 9, wherein in response 
to intercepting a command send primitive from said management 
center, said managed element replies with a response send primitive 
which is trapped by said management center. 

11. The system as set forth in claim 9, wherein said managed 
element can communicate unsolicited information to said management
center by conveying data addressed to one of said partner device
and said cooperating device using a trap send primitive which is
intercepted by said management center using a trap receive
primitive.

12. The system as set forth in claim 1, wherein said managed 
element is a passive network device. 

13. A method for managing a passive network device from a 
remote location over a distributed computer network, comprising the 
steps of: 

establishing a first communication channel between a 
partner device and a cooperating device over a data network; 

connecting a managed element to said data network such 
that said managed element can listen to data traffic on said data 
network, said managed element being transparent to said data 
network; 

connecting a management center to said data network such 
that said management center can listen to data traffic on said data 
network, said management center being transparent to said data 
network;

establishing a second communication channel between said
managed element and said management center, said second
communication channel integrated with said first communication
channel;

initiating a request from said partner and directing said 
request to said cooperating device over said first communication 
channel;

detecting, by said management center and said managed 
element, said request; 

fabricating, by said managed element, an answer to said 
request, said answer addressed to said partner and having a source 
address of said managed element; 

pushing said answer onto the network; and 

intercepting, by said management center, said answer. 

14. The method as set forth in claim 13, further comprising 
the steps of: 

intercepting, by said managed element, a command send 
primitive from said management center; and 

pushing, by said managed element, a response onto the 
network with a response send primitive which is trapped by said 
management center.

15. The method as set forth in claim 13, further comprising
the steps of:

conveying, by said managed element, unsolicited
information to said management center by conveying data addressed
to one of said partner device and said cooperating device using a
trap send primitive; and

intercepting, by said management center, said information
through a trap receive primitive.

16. The method as set forth in claim 13, wherein each of said 
management center and said managed element includes a host layer, a 
transmission layer, a validation layer and a management service 
layer, said method further comprising, when sending a packet, the 
steps of:

concatenating, by said management service layer, a header
to a data unit, said header including at least one of a timestamp,
a destination address, and a source address;

forwarding the header and data unit to said validation
layer;

appending an authentication code to and encrypting said
packet;

passing the encrypted packet in binary format to said
transmission layer;

transforming said binary format into ASCII and building a 
network packet suitable for said host layer; 

passing the network packet to said host layer; and 

inserting said network packet into a transmit queue. 

17. The method as set forth in claim 13, wherein each of said
managed element and said management center includes a host layer, a 
transmission layer, a validation layer and a management service 
layer, said method further comprising, when receiving a packet, the 
steps of: 

monitoring, by said host layer, the network for a packet 
matching a predefined pattern; 

filtering out an appropriate packet; 

forwarding the packet to the transmission layer; 

inserting, in response to determining that the packet is 
a data unit, the data unit into a reception queue; 

converting the data unit into binary format; 

forwarding the binary data unit to said validation layer;
and

computing, by said validation layer, a packet key and
decrypting the data unit.
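
The send and receive steps of claims 16 and 17, as an added Python example that is not part of the patent text. The claims name no algorithms, so the HMAC-SHA256 authentication code, the SHAKE-256 keystream standing in for the cipher, the nonce-based packet key, base64 as the ASCII form, the MGMT1: pattern, the header layout and the timestamp freshness check are all assumptions made here.

```python
import base64, hashlib, hmac, os, socket, struct, time

MASTER_KEY = b"constructed-demo-secret"  # assumption: secret shared by both ends
PATTERN = b"MGMT1:"    # assumption: the "predefined pattern" the host layer matches
MAX_SKEW = 30          # assumption: accepted timestamp age in seconds
HDR = struct.Struct("!Q4s4s")  # assumed header layout: timestamp, source, destination

def _key(label, nonce):
    # Assumed per-packet key derivation; the claims do not say how the key is computed.
    return hmac.new(MASTER_KEY, label + nonce, hashlib.sha256).digest()

def _xor(key, data):
    # Stand-in cipher (SHAKE-256 keystream XOR) so the example needs only the stdlib.
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def send(src, dst, data_unit, tx_queue, now=None):
    ts = int(time.time() if now is None else now)
    # Management service layer: concatenate the header to the data unit.
    pdu = HDR.pack(ts, socket.inet_aton(src), socket.inet_aton(dst)) + data_unit
    # Validation layer: append the authentication code, then encrypt.
    nonce = os.urandom(8)
    tag = hmac.new(_key(b"mac", nonce), pdu, hashlib.sha256).digest()
    binary = nonce + _xor(_key(b"enc", nonce), pdu + tag)
    # Transmission layer: binary to ASCII; host layer: insert into the transmit queue.
    tx_queue.append(PATTERN + base64.b64encode(binary))

def receive(packet, now=None):
    # Host layer: ignore traffic that does not match the predefined pattern.
    if not packet.startswith(PATTERN):
        return None
    # Transmission layer: convert the ASCII data unit back into binary format.
    try:
        binary = base64.b64decode(packet[len(PATTERN):], validate=True)
    except ValueError:
        return None
    if len(binary) < 8 + HDR.size + 32:
        return None
    # Validation layer: compute the packet key, decrypt, check the authentication code.
    nonce = binary[:8]
    plain = _xor(_key(b"enc", nonce), binary[8:])
    pdu, tag = plain[:-32], plain[-32:]
    expected = hmac.new(_key(b"mac", nonce), pdu, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ts, src, dst = HDR.unpack(pdu[:HDR.size])
    # Added check (not in the claims): reject stale timestamps to limit replay.
    if abs(int(time.time() if now is None else now) - ts) > MAX_SKEW:
        return None
    return ts, socket.inet_ntoa(src), socket.inet_ntoa(dst), pdu[HDR.size:]
```

A production validation layer would use a vetted authenticated cipher in place of the keystream stand-in.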